Federated Identity Management in Healthcare: What is Needed and What is Feasible
2006 Spring Member Meeting
April 26, 2006
Holt Anderson – NCHICA Executive Director
William Weems, Univ. of Texas Health Science Center at Houston
Casey Webster, IBM
Session Outline
• Holt Anderson – Background of National HIT Initiatives from ONC
• Casey Webster – Challenges & Approaches in Developing the Nationwide Health Information Network (NHIN) Architecture
• Bill Weems – What is Possible Today!
• Question & Answer Session
Background of National HIT Initiatives from ONC
Holt Anderson
[Diagram: ONC Health IT framework – Standards Harmonization, Compliance Certification, Nationwide Health Information Network, Privacy / Security and Health IT Adoption, layered over Infrastructure, Industry Transformation, Health Information Technology Deployment and Technology Industry]
5
– HHS awarded a contract valued at $3.3 million to the American National Standards Institute, a non-profit organization that administers and coordinates the U.S. voluntary standardization activities, to convene the Health Information Technology Standards Panel (HITSP).
– The HITSP will develop, prototype, and evaluate a harmonization process for achieving a widely accepted and useful set of health IT standards that will support interoperability among health care software applications, particularly EHRs.
Standards Harmonization Process
Compliance Certification Process
• HHS awarded a contract valued at $2.7 million to the Certification Commission for Health Information Technology (CCHIT) to develop criteria and evaluation processes for certifying EHRs and the infrastructure or network components through which they interoperate.
• CCHIT will be required to submit recommendations for ambulatory EHR certification criteria in December 2005, and to develop an evaluation process for ambulatory health records in January 2006.
– Criteria will include the capabilities of EHRs to protect health information, standards by which EHRs can share health information and clinical features that improve patient outcomes.
Privacy and Security Solutions
• HHS awarded a contract valued at $11.5 million to RTI International, a private, non-profit corporation, to lead the Health Information Security and Privacy Collaboration (HISPC), a collaboration that includes the National Governors Association (NGA), up to 40 state and territorial governments, and a multi-disciplinary team of experts.
• RTI will oversee the HISPC to assess and develop plans to address variations in organization-level business policies and state laws that affect privacy and security practices and that may pose challenges to interoperable electronic health information exchange while maintaining privacy protections.
Health Information Technology Adoption Initiative
• HHS awarded a contract valued in excess of $1 million to the George Washington University and Massachusetts General Hospital Harvard Institute for Health Policy to support the Health IT Adoption Initiative.
• The new initiative is aimed at better characterizing and measuring the state of EHR adoption and determining the effectiveness of policies to accelerate adoption of EHRs and interoperability.
• For more information visit: http://www.hitadoption.org/
Nationwide Health Information Network (NHIN)
• Contracts have been awarded by HHS totaling $18.6 million to four consortia of health care and health information technology organizations to develop prototypes for the Nationwide Health Information Network (NHIN) architecture.
– The contracts were awarded to: Accenture, Computer Sciences Corporation, IBM, and Northrop Grumman, along with their affiliated partners and health care market areas.
• The four consortia will move the nation toward the President’s goal of personal electronic health records by creating a uniform architecture for health care information that can follow consumers throughout their lives.
[Diagram: the ONC Health IT framework above, now showing the Health Care Industry outcomes it is meant to enable – Consumer Value, Biosurveillance, Consumer Empowerment, Chronic Care, Electronic Health Records, Breakthroughs]
Challenges & Approaches in Developing the Nationwide Health Information Network (NHIN) Architecture
Casey Webster
Business Consulting Services
© 2006 IBM Corporation
The Nationwide Health Information Network (NHIN) Architecture Prototype Project
Internet2 Spring Member Meeting
April 26, 2006
Marketplaces
• Fishkill, NY (THINC – Taconic Healthcare Information Network Communication), Hudson Valley: evolving RHIO w/ shared data at HealthVision hub; 2,300 physicians supporting 700,000 patients
• Research Triangle, NC (NCHICA – North Carolina Healthcare Information Communication Affiliates): competitive, high-tech urban environment: UNC, Duke, Wake Forest
• Rockingham County, NC and Danville, VA (NCHICA): rural environment with NC and VA patients; small, competitive practices and hospitals
Research Triangle Marketplace
[Diagram: UNC Hospitals and Health System, Rex Hospital (UNC), Duke Univ. Health System, Durham Regional Hospital (Duke), WakeMed Health System, physician practices (1 x, 1 x, 1 x, 1 x, 2 x), Safety Net Provider, Public Health, Pharmacy, Lab]
Rockingham Co., NC / Danville, VA Marketplace
[Diagram: Morehead Memorial Hospital, Moses Cone Health System, Annie Penn Hospital (Moses Cone), physician practices (1 x, 1 x, 2 x, 1 x unaffiliated), Pharmacy, Public Health, Safety Net Provider, Lab]
Architecture Guiding Principles
• Community-Centric
– Document repositories normalize and store clinical data within a community
– Can be hosted by individual hospitals/practices and/or shared within the community
– Community hub provides MPI, document locator, security and support services
– The community hub is the gateway to other communities
• Drive and conform to standards
– Instantiation of IHE interoperability framework (XDS, PIX/PDQ, ATNA & CT profiles)
– Clinical events stored as HL7 CDA(r2)-compliant documents
– Java/J2EE implementation is hardware & software vendor agnostic
– Proven Internet protocols for authentication, authorization, and security
• Provide security & privacy w/o sacrificing usability or research value
– Anonymous/pseudonymous data that can be re-identified as needed/permitted
– Supports other data aggregates (registries, biosurveillance, outcomes analysis)
• Practical
– Scalable and cost-effective at every level of practice
– Point-of-care performance is critical to adoption
Architecture – Community Architecture
[Diagram: Community Hub – Security Services (ATNA, CT logging, authentication, authorization, access control, patient consent); MPI Services (PIX, PDQ); Registry Services (document locator, XDR); Support Services (CAD search/retrieval, CAD policies/security, admin/maintenance, QoS); Community Services (biosurveillance, PHR portal, community XDS); NHIN Interface. Hospital or Physician Practice Interface – integration engine or data source feeding an HCN Gateway (Xform/Xlate data services, IHE adapter, XDS document services, document storage and retrieval). IBM Business Consulting Services]
Architecture – Cross-Community Interaction
• All cross-community interactions are brokered through the NHIN interface, using other community services as needed
• Authentication and authorization use a federated model, with trust relationships established at the NHIN level
• Cross-community patient lookup is based on demographic matching
– Identity is established by matching demographic data between the local and remote PDQ databases, with a conservative threshold
– IBM research is working on open issues such as patient mobility, multi-resident patients (“snowbirds”), directed searches, and undirected bounded searches
• Once a positive patient match is obtained, document search and retrieval is identical to the intra-community model
NHIN Architecture Prototype – Introduction: Acronyms
IHE (Integrating the Healthcare Enterprise) Profiles
– XDS – Cross-Enterprise Document Sharing: supports saving, registering, querying and retrieving documents across enterprises but within an administrative domain
– PIX – Patient Identifier Cross-referencing: supports cross-referencing of patient identifiers across domains
– PDQ – Patient Demographics Query: supports a query for patients given a minimal set of demographic criteria (e.g. ID or partial name), returning all the demographics and a patient identifier within a domain
– ATNA – Audit Trail and Node Authentication: supports auditing and secure communications
– CT – Consistent Time: supports consistent time across multiple systems
J2EE – Java 2 Enterprise Edition
– Sun’s Java-based framework for developing and deploying complex, scalable business solutions in a standardized manner, leveraging the following technologies:
– JDBC – Java Database Connectivity: a vendor-neutral means of accessing relational data from within a Java/J2EE application. Note that the data itself does not necessarily have to be stored in a relational database.
– EJB – Enterprise JavaBeans: reusable components within the J2EE architecture
– JMS – Java Message Service: a vendor-neutral means of accessing message queuing systems (e.g. MQ Series) from within a Java/J2EE application
What is Possible Today!
Bill Weems
Internet2 Spring Mtg. 2006
University of Texas Health Science Center at Houston (UTHSC-H)
• Six Schools
– Graduate School of Biomedical Sciences
– Dental School
– Medical School
– Nursing School
– School of Health Information Sciences
– School of Public Health
• ~ 10,000 Students, Faculty and Staff
Texas Medical Center – www.tmc.edu
• Forty-one institutions on 740 acres
• Approximately 65,000 employees
• Seven large hospitals
• 6,176 licensed beds & 334 bassinets
• 5.2 million patient visits in 2004
• Baylor College of Medicine
• Rice University
• Texas A&M Institution of Biotechnology
• University of Texas Health Science Center at Houston
• University of Texas M.D. Anderson Cancer Center
Scenario I
• UT-Houston Residency Programs have some attending physicians that are non-university personnel – e.g. M.D. Anderson & Baylor
• Dr. James at M.D. Anderson is to be an attending physician in the UT-Houston Internal Medicine Residency Program.
• On-line Graduate Medical Education Information System (GMEIS) contains confidential and sensitive information - including HIPAA data.
• Dr. James needs access to GMEIS.
• How is Dr. James’ identity verified, authenticated and authorized to have access as an attending physician?
• If Dr. James suddenly leaves M.D. Anderson, is his access to UT-Houston Residency Program immediately abolished?
Scenario I - Problems
• Dr. James has no digital credentials.
• U.T. Houston policy requires that a responsible party at U. T. Houston assume responsibility for Dr. James and sponsor him as a “guest”.
• Dr. James must appear before a Local Registration Administration Agent (LRAA) to have his identity verified and be credentialed.
– Does not verify his status with M.D. Anderson.
• If Dr. James leaves M.D. Anderson, there is no automatic process in place to revoke his access rights.
Ideally, individuals would each like a single digital credential that can be securely used to authenticate his or her identity anytime authentication of identity is required to secure any transaction.
Identity Vetting & Credentialing
[Diagram: at the Identity Provider (IdP) uth.tmc.edu, the IdP obtains the person's physical characteristics, assigns an everlasting identifier permanently bound to that person, records it in a permanent identity database, and issues a digital credential that only the person can activate]
UTHSC-H: An Identity Provider (IdP)
It is critical to recognize that the university functions as an identity provider (IdP) in that UTHSC-H provides individuals with digital credentials that consist of an identifier and an authenticator. As an IdP, the university assumes specific responsibilities and liabilities.
Two Categories of Identity
• Physical Identity – Assigned Identifier – Authentication
– Facial picture
– Fingerprints
– DNA sample
• Identity Attributes – Authorization Attributes
– Common name
– Address
– Institutional affiliations – e.g. faculty, student, staff, contractor
– Specific group memberships
– Roles
– Etc.
UTHSC-H Identity Management System
[Diagram: sources of record (HRMS, SIS, GMEIS, Guest, MSUTP, INDIS, OAC7, OAC47) feed the identity reconciliation & provisioning processes and the Person Registry; the registry syncs to the authoritative enterprise directories and secondary directories, which back the Authentication Service, the Authorization Service and the user administration tools (change password, attribute management)]
Source of Authority (SOA) Responsibilities
An organizational entity officially responsible for identifying individuals having explicitly defined affiliations with the university constitutes a “source of authority” (SOA). The SOA is responsible for:
• Identifying an individual,
• Maintaining the appropriate records that define a person's affiliation,
• Providing others with information about the specifics of an affiliation, and
• Determining if an affiliation is currently active or inactive – i.e. can a person be credentialed
Person Registry
• Identity Reconciliation
– Unique identifiers generated by source of record
• SSN – if available (HRMS, GMEIS, UTP, Guest, SIS)
• Student ID
• Employee Number – HRMS
– Full Name: First, Middle, Last
– Birth Information: Date of Birth, City of Birth, Country of Birth
– Gender
• UUID – An everlasting unique identifier
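The cross-community patient lookup in the NHIN section (matching demographic data between the local and remote PDQ databases, with a conservative threshold) and the Person Registry's identity reconciliation above are the same operation: score how well two demographic records agree, then link, refuse, or hand off to a human. The following is an added example that is not the NHIN prototype's matching code and not the UTHSC-H registry. The field weights, the three thresholds (MATCH_INTRA, MATCH_CROSS, NONMATCH), the function and class names and the four sample records are assumptions chosen for illustration.

```python
"""Demographic matching with a conservative threshold, and a person
registry that assigns an everlasting UUID when a record is reconciled.

Added example; not the NHIN prototype's matching logic and not the
UTHSC-H person registry.  Weights, thresholds and sample records are
assumptions chosen for illustration."""
import uuid
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Assumed per-field weights: agreement adds, disagreement subtracts,
# a field missing on either side contributes nothing.
WEIGHTS = {"ssn": 6.0, "dob": 2.5, "last": 2.0, "first": 1.5, "zip": 1.0, "gender": 0.5}
MATCH_INTRA = 7.0     # intra-community: link at or above this score
MATCH_CROSS = 9.0     # cross-community lookup: the "conservative threshold"
NONMATCH = 2.0        # at or below: a different person; in between: review


@dataclass(frozen=True)
class Demographics:
    first: str
    last: str
    dob: date
    gender: str
    zip_code: str = ""
    ssn: Optional[str] = None   # often absent (e.g. Guest and SIS sources)


def _norm(text: str) -> str:
    return "".join(ch for ch in text.lower() if ch.isalnum())


def match_score(a: Demographics, b: Demographics) -> float:
    score = 0.0
    if a.ssn and b.ssn:
        score += WEIGHTS["ssn"] if a.ssn == b.ssn else -WEIGHTS["ssn"]
    score += WEIGHTS["dob"] if a.dob == b.dob else -WEIGHTS["dob"]
    score += WEIGHTS["last"] if _norm(a.last) == _norm(b.last) else -WEIGHTS["last"]
    fa, fb = _norm(a.first), _norm(b.first)
    if fa == fb:
        score += WEIGHTS["first"]
    elif fa[:1] == fb[:1]:
        score += WEIGHTS["first"] / 3          # only the initial agrees
    else:
        score -= WEIGHTS["first"]
    if a.gender and b.gender:
        score += WEIGHTS["gender"] if a.gender.upper() == b.gender.upper() else -WEIGHTS["gender"]
    if a.zip_code and b.zip_code:
        score += WEIGHTS["zip"] if a.zip_code == b.zip_code else -WEIGHTS["zip"]
    return score


def classify(score: float, match_threshold: float) -> str:
    if score >= match_threshold:
        return "match"
    if score <= NONMATCH:
        return "nonmatch"
    return "review"            # never auto-link: a person resolves it


def cross_community_lookup(query: Demographics,
                           remote: List[Demographics]) -> Tuple[str, Optional[Demographics]]:
    """Remote PDQ-style lookup: only a score at MATCH_CROSS or above is a positive match."""
    if not remote:
        return "nonmatch", None
    best = max(remote, key=lambda r: match_score(query, r))
    decision = classify(match_score(query, best), MATCH_CROSS)
    return decision, (best if decision == "match" else None)


class PersonRegistry:
    """Reconciles records from several sources of record under one UUID."""

    def __init__(self, match_threshold: float = MATCH_INTRA):
        self.match_threshold = match_threshold
        self._people: Dict[str, List[Demographics]] = {}
        self.review_queue: List[Tuple[str, Demographics, str]] = []

    def reconcile(self, source: str, rec: Demographics) -> Tuple[str, Optional[str]]:
        best_id, best_score = None, float("-inf")
        for pid, recs in self._people.items():
            s = max(match_score(rec, r) for r in recs)
            if s > best_score:
                best_id, best_score = pid, s
        decision = classify(best_score, self.match_threshold) if best_id else "nonmatch"
        if decision == "match":
            self._people[best_id].append(rec)
            return "match", best_id
        if decision == "review":
            self.review_queue.append((source, rec, best_id))
            return "review", None
        pid = str(uuid.uuid4())            # the everlasting identifier
        self._people[pid] = [rec]
        return "new", pid


# Constructed sample records from four sources of record.
REC_HRMS = Demographics("Maria", "Garcia", date(1970, 3, 14), "F", "77030", "123-45-6789")
REC_SIS = Demographics("Maria", "Garcia", date(1970, 3, 14), "F", "77030")
REC_GUEST = Demographics("Mario", "Garcia", date(1970, 3, 14), "M", "77030")
REC_OTHER = Demographics("John", "Smith", date(1985, 1, 1), "M", "30301", "987-65-4321")
```

Mario vs. Maria Garcia (same birth date, surname and ZIP, different first name and gender) lands in the review band, so the registry queues the record instead of merging two people under one UUID. The higher cross-community threshold means a record that is linked inside one community only comes back as "review" from a remote lookup: the cost of the conservative setting is a deferred match, the benefit is that a wrong patient's documents are never retrieved across the community boundary.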
Issuing a Digital Credential
• Individual appears before an Identity Provider (IdP) which accepts the responsibility to
– positively determine and catalog a person's uniquely identifying physical characteristics (e.g. picture, two fingerprints, DNA sample),
– assign a unique, everlasting digital identifier to each person identified,
– issue each identified person a digital credential that can only be used by that person to authenticate his or her identity,
– maintain a defined affiliation with each individual whereby the validity of the digital credential is renewed at specified intervals.
Identity Vetting & Credentialing – UTHSC-H Two Factor Authentication
[Diagram: the same IdP flow (uth.tmc.edu obtains physical characteristics, assigns an everlasting identifier permanently bound to the person, keeps a permanent identity database, issues a digital credential activated by the person only), with open questions marked “?”]
Identity Vetting & Credentialing – UTHSC-H Username/Password Authentication
[Diagram: the same IdP flow, but the credential is used over the network as a username and password; far more of the steps are marked “?”]
Federal E-Authentication Initiative – http://www.cio.gov/eauthentication/
• Levels of assurance (different requirements)
– Level 1 – e.g. no identity vetting
– Level 2 – e.g. specific identity vetting requirements
– Level 3 – e.g. cryptographic tokens required
– Level 4 – e.g. cryptographic hard tokens required
• Credential Assessment Framework Suite (CAF)
UTHSC-H Strategic Authentication Goals
• Two authentication mechanisms
– Single university ID (UID) and password
– Public Key Digital ID on token (two-factor authentication)
• Digital Signatures
– Authenticates senders
– Guarantees messages are unaltered, i.e. message integrity
– Provides for non-repudiation
– Legal signature
• Encryption of email and other documents
• Highly Secure Access Control
• Potential for inherent global trust
Mass Mailing of Signed & Encrypted E-mail
[Diagram: an automated mailer takes each address from the mailing list, requests the recipient's digital certificate from the LDAP directory service, and sends the message to that recipient signed & encrypted]
The University of Texas System – Strategic Leadership Council
Statement of Direction: Identity Management (April 27, 2004)
• LDAP (Lightweight Directory Access Protocol) compliant directory services,
• eduPerson schema as promulgated by EDUCAUSE and Internet2,
• utPerson schema (to be developed),
• inter-institutional access control utilizing Internet2 Shibboleth, and
• consistent institutional definitions and identity management trust policies for students, faculty, and staff as well as sponsored affiliates.
Federated Services: Identity Providers (IdP) & Service Providers (SP)
[Diagram: Identity Providers uth.tmc.edu, utsystem.edu, bcm.edu, mdanderson.org and utmb.edu; Service Providers library.tmc.edu, Blackboard (uth.tmc.edu) and GMEIS (uth.tmc.edu); joined through the InCommon federation WAYF service and Public Key Infrastructure]
Shibboleth Components
[Diagram: Home Organization (IdP) – Authentication System (ISO/SSO/Cert), Handle Service, Attribute Authority backed by an RBAC authorization system in LDAP (eduPerson), attributes released as determined by the ARP; Federation WAYF service (InCommon); Service Provider (SP) – SHIRE, SHAR, Resource Manager, Web Site; Browser. Arrows numbered 1–11 trace the exchange listed under “How Does Shibboleth Work?”]
How Does Shibboleth Work?
1. Who are you and where do you come from?
2. What is your Organization?
3. Your request is forwarded to your Organization (Handle Service).
4. Who are You? Can you login?
5. I know who you are. Your request and handle are redirected to the Target.
6. Now I know who you are. What are your user attributes?
7. What are the attributes for this user?
8. Your attributes are returned to the Target.
9. I am satisfied with the attributes. You are allowed access.
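The exchange above, as an added example that is not Shibboleth's own code and not the UTHSC-H deployment: a home IdP made of a Handle Service, a password-based authentication system and an Attribute Authority that filters releases through a per-SP ARP, and two SPs (GMEIS and the library) whose Resource Managers apply different rules. It also plays out Scenario I in the federated model: UT-Houston keeps the sponsorship roster, M.D. Anderson's IdP asserts Dr. James's affiliation, and deactivating him at M.D. Anderson ends his GMEIS access at the next login with no action at UT-Houston. All directory entries, passwords, entity IDs, ARP rules, the GMEIS attending roster and the class and function names are constructed for illustration.

```python
"""Shibboleth 1.x-style exchange: WAYF, home IdP (Handle Service,
Authentication System, Attribute Authority with an ARP) and SP (SHIRE,
SHAR, Resource Manager).  Added example with constructed data; not
Shibboleth code and not the UTHSC-H deployment."""
import hashlib
import secrets
import time
from typing import Callable, Dict, Optional, Set, Tuple

Attributes = Dict[str, object]


def _pw_hash(password: str) -> str:
    # Stand-in for the home organisation's real authentication system.
    return hashlib.sha256(password.encode()).hexdigest()


class IdentityProvider:
    """Home organisation: Handle Service + Authentication + Attribute Authority."""

    def __init__(self, entity_id: str, directory: Dict[str, dict],
                 arp: Dict[str, Set[str]], handle_ttl: float = 300.0):
        self.entity_id = entity_id
        self.directory = directory   # uid -> {"password", "active", "attributes"}
        self.arp = arp               # SP entity ID -> attributes it may receive
        self.handle_ttl = handle_ttl
        self._handles: Dict[str, Tuple[str, str, float]] = {}

    def authenticate(self, uid: str, password: str) -> bool:
        entry = self.directory.get(uid)
        return bool(entry and entry["active"]
                    and entry["password"] == _pw_hash(password))

    def issue_handle(self, uid: str, sp_entity_id: str) -> str:
        """Handle Service: an opaque, short-lived handle bound to one SP."""
        handle = secrets.token_urlsafe(24)
        self._handles[handle] = (uid, sp_entity_id, time.time() + self.handle_ttl)
        return handle

    def attribute_query(self, handle: str, sp_entity_id: str) -> Optional[Attributes]:
        """Attribute Authority: resolve the handle, release per the ARP."""
        record = self._handles.pop(handle, None)   # single use: no replay
        if record is None:
            return None
        uid, audience, expiry = record
        if audience != sp_entity_id or time.time() > expiry:
            return None                            # wrong SP or stale handle
        entry = self.directory[uid]
        if not entry["active"]:
            return None                            # affiliation has ended
        released = self.arp.get(sp_entity_id, set())
        return {k: v for k, v in entry["attributes"].items() if k in released}

    def deactivate(self, uid: str) -> None:
        """What the source of authority does when an affiliation ends."""
        self.directory[uid]["active"] = False


class ServiceProvider:
    """SHIRE (accepts the handle), SHAR (asks the AA), Resource Manager (decides)."""

    def __init__(self, entity_id: str, federation: Dict[str, IdentityProvider],
                 rule: Callable[[Attributes], bool]):
        self.entity_id = entity_id
        self.federation = federation   # IdPs trusted through federation metadata
        self.rule = rule

    def access(self, idp_entity_id: str, handle: str) -> Tuple[bool, Attributes]:
        idp = self.federation.get(idp_entity_id)
        if idp is None:
            return False, {}                       # not a federation member
        attrs = idp.attribute_query(handle, self.entity_id)
        if attrs is None:
            return False, {}
        return self.rule(attrs), attrs             # Resource Manager decision


def shibboleth_login(uid: str, password: str, home_idp: str, sp: ServiceProvider,
                     federation: Dict[str, IdentityProvider]) -> Tuple[bool, Attributes]:
    """Steps 1-9: SP -> WAYF -> home IdP login -> handle -> SP decision."""
    idp = federation.get(home_idp)                 # WAYF: pick the home organisation
    if idp is None or not idp.authenticate(uid, password):
        return False, {}
    handle = idp.issue_handle(uid, sp.entity_id)   # browser is redirected with it
    return sp.access(home_idp, handle)


# --- constructed sample federation (all names and values assumed) -----------
GMEIS_ATTENDING = {"jjames@mdanderson.org"}        # UT-Houston's sponsorship roster

MDA = IdentityProvider("mdanderson.org", directory={
    "jjames": {"password": _pw_hash("correct horse"), "active": True,
               "attributes": {"eduPersonPrincipalName": "jjames@mdanderson.org",
                              "eduPersonAffiliation": ["faculty", "member"],
                              "mail": "jjames@mdanderson.org"}},
}, arp={
    "gmeis.uth.tmc.edu": {"eduPersonPrincipalName", "eduPersonAffiliation"},
    "library.tmc.edu": {"eduPersonAffiliation"},   # nothing identifying
})
FEDERATION = {MDA.entity_id: MDA}

GMEIS = ServiceProvider("gmeis.uth.tmc.edu", FEDERATION, lambda a:
    "faculty" in a.get("eduPersonAffiliation", [])
    and a.get("eduPersonPrincipalName") in GMEIS_ATTENDING)
LIBRARY = ServiceProvider("library.tmc.edu", FEDERATION, lambda a:
    "member" in a.get("eduPersonAffiliation", []))
```

Two design points carry the security argument of the slides. The handle is single-use and bound to the SP the user was sent to, so a handle captured on the way to GMEIS cannot be replayed to the library. The ARP releases only eduPersonAffiliation to the library, so it can grant access to any current member without ever learning who the person is.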
Lessons Learned
The focus of planning should be on how Identity Management makes life great for people in cyberspace!!! Don’t focus on underlying theory, arcane concepts and minute implementation details. If basic infrastructure is in place along with user applications, people will use it and demand more.
What Is Needed To Reach Critical Mass?
• Develop a core group that operationally believes in & understands Identity Management!
• Identity Management basic policies and procedures.
• Identity reconciliation & provisioning systems.
• Operational LDAP directory service.
• As many “real” applications as possible!
– Solutions that use signing & encryption.
– Cherished resources PKI and Shibboleth enabled for access.
Thank You
Questions?